Vulnerabilities > Mozilla > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2020-03-25 | CVE-2020-6808 | Authentication Bypass by Spoofing vulnerability in Mozilla Firefox | When a JavaScript URL (javascript:) is evaluated and the result is a string, this string is parsed to create an HTML document, which is then presented. | 6.5 |
2020-03-24 | CVE-2020-6816 | Cross-site Scripting vulnerability in multiple products | In Mozilla Bleach before 3.12, a mutation XSS in bleach.clean when RCDATA and either svg or math tags are whitelisted and the keyword argument strip=False. | 6.1 |
2020-03-24 | CVE-2020-6802 | Cross-site Scripting vulnerability in multiple products | In Mozilla Bleach before 3.11, a mutation XSS affects users calling bleach.clean with noscript and a raw tag in the allowed/whitelisted tags option. | 6.1 |
2020-03-02 | CVE-2020-6798 | Cross-site Scripting vulnerability in Mozilla Thunderbird | If a template tag was used in a select tag, the parser could be confused and allow JavaScript parsing and execution when it should not be allowed. | 6.1 |
2020-03-02 | CVE-2020-6797 | Improper Input Validation vulnerability in Mozilla Firefox | By downloading a file with the .fileloc extension, a semi-privileged extension could launch an arbitrary application on the user's computer. | 4.3 |
2020-03-02 | CVE-2020-6795 | NULL Pointer Dereference vulnerability in Mozilla Thunderbird | When processing a message that contains multiple S/MIME signatures, a bug in the MIME processing code caused a null pointer dereference, leading to an unexploitable crash. | 6.5 |
2020-03-02 | CVE-2020-6794 | Insufficiently Protected Credentials vulnerability in multiple products | If a user saved passwords before Thunderbird 60 and then later set a master password, an unencrypted copy of these passwords is still accessible. | 6.5 |
2020-03-02 | CVE-2020-6793 | Use of Uninitialized Resource vulnerability in Mozilla Thunderbird | When processing an email message with an ill-formed envelope, Thunderbird could read data from a random memory location. | 6.5 |
2020-03-02 | CVE-2020-6792 | Missing Initialization of Resource vulnerability in multiple products | When deriving an identifier for an email message, uninitialized memory was used in addition to the message contents. | 4.3 |
2020-02-28 | CVE-2020-6804 | Cross-site Scripting vulnerability in Mozilla Webthings Gateway | A reflected XSS vulnerability exists within the gateway, allowing an attacker to craft a specialized URL which could steal the user's authentication token. | 6.1 |